[debian-mysql] Bug#984997: Bug#984997: Bug#984997: Bug#984997: mariadb-server-10.5: database password passed in cleartext both on commandline and in environment
Otto Kekäläinen
otto at debian.org
Sun May 9 01:24:05 BST 2021
Hello!
If this was fixed in some Galera release, please let me know.
I did not see any Forwarded: line in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984997
On Tue, 16 Mar 2021 at 00:18, Olaf van der Spek <ml at vdspek.org> wrote:
>
> On Mon, Mar 15, 2021 at 2:33 PM <alexey.yurchenko at galeracluster.com> wrote:
> > Speaking of environment, AFAIK on modern systems it can be read only by
> > sufficiently privileged user, so I don't see how it is less secure than
> > a file (which will have to have the same permissions as
> > /proc/<PID>/environ). Could you elaborate how is it less secure than
> > using --defaults-extra-file?
>
> Environment data 'leaks' easier than file contents.
> For example, when developing / debugging, one could easily copy/paste
> all environment data, including the password (by accident), and post
> it online when asking for help.
>
> _______________________________________________
> pkg-mysql-maint mailing list
> pkg-mysql-maint at alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-mysql-maint
--
- Otto
More information about the pkg-mysql-maint
mailing list